[thelist] making text boxes more secure

Peter Smulders schmolle at pobox.com
Sun Sep 21 17:00:48 CDT 2003


Hi all,

> Wow, I was not aware of SQL injection. I did some research and some 
> thinking, and I added some layers of protection to my db server.

> <snipped sample code>

I don't know enough about the language you are using to determine
whether you are following this principle or not, but here is a very
basic guideline that old wise men have yelled at me on various occasions:

'Do not protect yourself against possible Bad things, but only accept
the Good.'

In plain English, I understand this to mean as much as 'it is better (and
mathematically a darn sight easier) to state very explicitly what you
want to allow than to try and think of all the things that, on
reflection, you would want to disallow.'

I have also heard this principle paraphrased as 'guarding against
exploits not yet developed'.

> Is this enough? I assume there is no such animal as too much 
> security.

NOTE: the following is not an attempt to start a religious/flame war
between security evangelists or other fanatics. Please treat it accordingly.

There actually is such a thing as too much security: look for the point
in time/effort where the cost of implementing/using the security
feature/technique/whatever is greater than the likelihood of the
corresponding security breach times the full cost (which is not always
an easy thing to calculate) of that happening.

For example: many people run systems outside of firewalls pretty much
devoid of security features, assuring that when anything happens to such
a system, they can replace/rebuild/restore it at very low cost. Any sort
of security measure is likely to represent a higher cost than what could
possibly be the cost of the damage.

I should point out that these calculations can be dangerous in the wrong
hands; the likelihood of an Internet host being 'attacked' in whatever
way is chronically underestimated. I have had this discussion with
otherwise very responsible system architects, who just couldn't imagine
why anyone would want to crack their system. In a nutshell: most nice
people do not naturally think nearly criminal enough to accurately gauge
the risks.

I should also point out that the topic at hand in this thread is of a
kind where the point of diminishing, zero or even negative returns is
one that is usually far, far away.

For good information on security issues, awareness and technical
details, I can recommend SecurityFocus[1], if you can stand the volume
and quite depressing content, the BugTraq mailing list[2] or a number of
specific mailing lists[3].


HTH,

Schmolle

[1] http://www.securityfocus.com/
[2] http://www.securityfocus.com/archive/1
[3] http://www.securityfocus.com/archive

-- 
email: schmolle at pobox.com
tel: 076 5877 061 / 06 5315 7253
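The 'only accept the Good' principle from the post above, shown as an added example that is not part of the original message or the poster's code. It assumes Python with the standard-library re and sqlite3 modules; the username shape, the deny-list fragments and the sample inputs are all constructed for illustration. The allow-list states exactly what a text box may contain; the deny-list tries to enumerate bad fragments and, as the post warns, misses whatever its author did not think of. The parameterised query is the second layer: once a value has been accepted, the database driver keeps it as data rather than SQL text.

```python
import re
import sqlite3
from typing import Dict, Optional

# Allow-list: state explicitly what a username may look like (constructed rule).
# Anything that does not match this shape is rejected, including shapes nobody
# has thought of yet.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def accept_only_good(value: str) -> bool:
    """Allow-list check: True only if the value matches the known-good shape."""
    return USERNAME_RE.fullmatch(value) is not None


# Deny-list: a constructed, deliberately short list of 'bad' fragments.
# Like every deny-list it is incomplete by construction.
DENY_FRAGMENTS = ("--", ";", "/*", "*/", "'")


def reject_known_bad(value: str) -> bool:
    """Deny-list check: True unless the value contains a fragment we listed."""
    return not any(fragment in value for fragment in DENY_FRAGMENTS)


def compare(value: str) -> Dict[str, bool]:
    """Run both checks so the gap between them is visible on one input."""
    return {
        "allow_list": accept_only_good(value),
        "deny_list": reject_known_bad(value),
    }


def store_and_fetch(username: str) -> Optional[str]:
    """Second layer: a parameterised query in an in-memory SQLite database.

    The '?' placeholder hands the value to the driver separately from the SQL
    text, so quote characters in the value are stored verbatim as data.
    """
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE users (name TEXT)")
        conn.execute("INSERT INTO users (name) VALUES (?)", (username,))
        row = conn.execute(
            "SELECT name FROM users WHERE name = ?", (username,)
        ).fetchone()
        return row[0] if row else None
    finally:
        conn.close()


if __name__ == "__main__":
    # Constructed sample inputs for a username text box.
    for sample in ("alice_42", 'ro"bert\\', "x"):
        print(repr(sample), compare(sample))
    # A legitimate name containing a quote survives the parameterised round trip.
    print(store_and_fetch("O'Brien"))
```

Note that 'ro"bert\' sails through the deny-list because neither the double quote nor the backslash is on it, while the allow-list rejects it without anyone having to anticipate that combination. The same allow-list also rejects "O'Brien", which is the usual trade-off: if apostrophes are legitimately needed, the allow-list is widened deliberately and the parameterised query is what keeps the quote harmless.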


